[14/14] Fix UTF-16 surrogate handling.
Commit Message
According to the latest Unicode standard, a conversion from/to UTF-xx has
to report an error if the character value is in range of an utf16 surrogate
(0xd800..0xdfff). See https://sourceware.org/ml/libc-help/2015-12/msg00015.html.
Thus this patch fixes this behaviour for converting from utf32 to internal and
from internal to utf8.
Furthermore the conversion from utf16 to internal does not report an error if the
input-stream consists of two low-surrogate values. If an uint16_t value is in the
range of 0xd800 .. 0xdfff, the next uint16_t value is checked, if it is in the
range of a low surrogate (0xdc00 .. 0xdfff). Afterwards these two uint16_t
values are interpreted as a high- and low-surrogates pair. But there is no test
if the first uint16_t value is really in the range of a high-surrogate
(0xd800 .. 0xdbff). If there would be two uint16_t values in the range of a low
surrogate, then they will be treated as a valid high- and low-surrogates pair.
This patch adds this test.
ChangeLog:
* iconvdata/utf-16.c (BODY): Report an error if first word is not a
valid high surrogate.
* iconvdata/utf-32.c (BODY): Report an error if the value is in range
of an utf16 surrogate.
* iconv/gconv_simple.c (BODY): Likewise.
---
iconv/gconv_simple.c | 3 ++-
iconvdata/utf-16.c | 12 ++++++++++++
iconvdata/utf-32.c | 2 +-
3 files changed, 15 insertions(+), 2 deletions(-)
Comments
If this is user-visible in a release, there should be a bug filed in
Bugzilla (if there isn't one already open), and a testcase added to the
testsuite.
@@ -892,7 +892,8 @@ ucs4le_internal_loop_single (struct __gconv_step *step,
if (__glibc_likely (wc < 0x80)) \
/* It's an one byte sequence. */ \
*outptr++ = (unsigned char) wc; \
- else if (__glibc_likely (wc <= 0x7fffffff)) \
+ else if (__glibc_likely (wc <= 0x7fffffff \
+ && (wc < 0xd800 || wc > 0xdfff))) \
{ \
size_t step; \
unsigned char *start; \
@@ -295,6 +295,12 @@ gconv_end (struct __gconv_step *data)
{ \
uint16_t u2; \
\
+ if (__glibc_unlikely (u1 >= 0xdc00)) \
+ { \
+ /* This is no valid first word for a surrogate. */ \
+ STANDARD_FROM_LOOP_ERR_HANDLER (2); \
+ } \
+ \
/* It's a surrogate character. At least the first word says \
it is. */ \
if (__glibc_unlikely (inptr + 4 > inend)) \
@@ -329,6 +335,12 @@ gconv_end (struct __gconv_step *data)
} \
else \
{ \
+ if (__glibc_unlikely (u1 >= 0xdc00)) \
+ { \
+ /* This is no valid first word for a surrogate. */ \
+ STANDARD_FROM_LOOP_ERR_HANDLER (2); \
+ } \
+ \
/* It's a surrogate character. At least the first word says \
it is. */ \
if (__glibc_unlikely (inptr + 4 > inend)) \
@@ -239,7 +239,7 @@ gconv_end (struct __gconv_step *data)
if (swap) \
u1 = bswap_32 (u1); \
\
- if (__glibc_unlikely (u1 >= 0x110000)) \
+ if (__glibc_unlikely (u1 >= 0x110000 || (u1 >= 0xd800 && u1 < 0xe000))) \
{ \
/* This is illegal. */ \
STANDARD_FROM_LOOP_ERR_HANDLER (4); \